Chromium Engine Vulnerability Allows Researchers to Exhaust Memory and Cause Crashes in 30 Seconds

Researchers have discovered a vulnerability in the Chromium engine that can exhaust memory and cause crashes in as little as 30 seconds. Despite this, Google has yet to patch the issue. According to a report by [Landian News](https://www.landiannews.com/archives/111050.html), a proof-of-concept (PoC) exploit has been made available by [Brash](https://ygcaicn.github.io/Brash).

The vulnerability stems from the `document.title` API, which updates without any rate limiting. This allows attackers to inject hundreds of millions of DOM changes per second, blocking the main thread and disrupting the event loop, ultimately leading to a crash.

The researchers claim that this attack vector is particularly concerning because it can be used to exhaust memory and cause crashes in a matter of seconds. This highlights the need for Google to prioritize patching this vulnerability and implementing rate limiting on the `document.title` API to prevent similar attacks in the future.

Chromium Engine Vulnerability Allows Researchers to Exhaust Memory and Cause Crashes in 30 Seconds

Fugitives Break Out of Detention Center, Police Launch Manhunt

That's all.